Internal DNS Service
GitLab has grown to the point where it now makes sense to offer an "internal" bifurcated DNS view to the GitLab servers. This is being driven by projects like Gitaly, Database HA, Security, and improved topology communication.
A discussion was had about the best way to proceed with @bjk-gitlab, @pcarranza, @omame, and @northrup.
What was reached was a multi-server DNS offering front-ended by a resolving proxy (PowerDNS due to pre-existing knowledge and boring solution) with a passthrough to Consul for internal DNS. Consul will provide the resolution for all internal servers as well as services and service discovery via DNS.
Implementation
- Define 'Services' Network
- Deploy Network and Hosts via Terraform (#2183 (closed))
- Chef Bootstrap Services (#2184 (closed))
- Deploy DNS Resolver/Cache (#2185 (closed))
- Deploy Consul Server (#2185 (closed))
- Test External Resolution of Hostnames (#2186 (closed))
- Test Internal Resolution of Hostnames and Services (#2185 (closed))
- Update Azure Machines to use Internal DNS Servers (#2186 (closed))
- Deploy Internal DNS to VPN Servers (#2187 (closed))
- Add Prometheus monitoring of DNS service (#2332 (closed))
Edited by John Northrup